On Monday, President Obama gave a speech kicking off his big push on cybersecurity, with many of the details being released on Tuesday, and they don’t look very good. There are a lot of different pieces, but we’ll just highlight the two that concern us the most.
First up: information sharing/”cybersecurity.” The key issue here: is it the return of CISPA? CISPA, of course, is the cybersecurity “information sharing” bill that is introduced each year, but which is really about giving the NSA a tool to pressure companies into sharing their information (by granting immunity from liability to those companies). In 2012, President Obama rejected the CISPA approach as not having enough protections for privacy and civil liberties. And, indeed, contrary to what some have said, the official proposal is not “endorsing CISPA.” The approach is definitely more limited and the most major concern is addressed. Rather than giving the information to the NSA (or the FBI), Homeland Security gets it. DHS isn’t wonderful, but it’s better than the other two alternatives. Companies can still give the info to the NSA or FBI (or others), but won’t get full immunity from lawsuits if they do.
But, where the new proposal falls woefully short is in its lack of privacy protections. It basically handwaves its way through the privacy question, saying there will be guidelines, but the guidelines aren’t written yet, and they’re fairly important here.